Configure PingFederate to provision users and groups to Salesforce, and enable single sign-on. For general information, see Configure outbound provisioning in the PingFederate documentation.

Note: You can follow these steps to create a new SP connection, or you can modify an existing connection.
  1. In the PingFederate administrator console, create a new SP connection:
    • For PingFederate 10.1 or later: go to Applications > Integration > SP Connections. Click Create Connection.
    • For PingFederate 10.0 or earlier: go to Identity Provider > SP Connections. Click Create Connection.
  2. On the Connection Template tab, select Do not use a template for this connection. Click Next.
  3. On the Connection Type tab, select only Outbound Provisioning. From the Type list, select Salesforce Contacts Provisioner. Click Next.
  4. On the General Info tab, configure the basic connection information.
    1. In the Entity ID field, enter any value. This field is not used for this integration.
    2. In the Connection Name field, enter a name of your choosing. Click Next.
  5. On the Outbound Provisioning tab, configure provisioning with the following details.

    For help, see Configuring outbound provisioning in the PingFederate documentation.

    1. On the Target tab, in the Client ID field, enter the Consumer Key that you noted in Registering PingFederate as a connected app in Salesforce.
    2. In the Client Secret field, enter the Consumer Secret that you noted in Registering PingFederate as a connected app in Salesforce.
    3. In the OAuth Access Token field, enter the Access Token that you noted in Getting an API access token from Salesforce.
    4. In the OAuth Refresh Token field, enter the Refresh Token that you noted in Getting an API access token from Salesforce.
    5. In the Salesforce Domain field, enter the domain of your Salesforce site. For example, mycompany.my.salesforce.com in the URL https://mycompany.my.salesforce.com.
    6. From the Salesforce Record Type list, select the type of record you want to create in Salesforce.
      Note: For more information, see Contacts and Leads in the Salesforce documentation.
      Note: Although you can change this setting after creating the connection, it requires that you refresh and remap all attributes. Instead, we recommend that you create a new connection with the other record type.
    7. Under Provisioning Options, customize the provisioning connector behavior by referring to Provisioning options reference.
    1. On the Manage Channels > Attribute Mapping tab, at the bottom of the attribute list, click Refresh Fields to get fields and specifications from your Salesforce site. Complete the attribute mappings by referring to Supported attributes reference.
      For help, see Managing channels in the PingFederate documentation.
  6. On the Activation and Summary tab, above the Summary section, click the toggle to turn on the connection. Click Save.